
Digital Operational Resilience Act (DORA) Profile now available in IBM Z Security and Compliance Center (zSCC)

By Ulka Asati posted 18 hours ago

  

The Digital Operational Resilience Act (DORA) is a European Union (EU) regulation that addresses Information and Communication Technology (ICT) risk and sets rules on ICT risk management, incident reporting, operational resilience testing and ICT third-party risk monitoring.

DORA focuses on cyber resiliency, with specific emphasis on preparedness for cyber-attacks on a particular environment. Clients need to understand their current security posture as it relates to DORA and identify any gaps in order to avoid significant fines for non-compliance.

DORA covers 5 main pillars as listed below

In IBM Z Security and Compliance Center (zSCC), a profile is a collection of related controls where all the applicable controls are mapped to goals. These profiles can be predefined to evaluate the compliance posture of a specific environment.  

To help clients prepare for DORA, the zSCC has developed a predefined profile for DORA with an initial set of applicable control-to-goal mappings. With this predefined profile, clients can automate the assessment of their compliance posture for DORA readiness and better understand the gaps in their environment.

DORA Profile view: controls to goal mapping in IBM Z Security and Compliance Center 

IBM Z Security and Compliance Center will have a new DORA profile that will allow clients to see a graphical view of their current compliance posture as it relates to the new regulation.

Figure 1

Figure 2


Scan result view in IBM zSCC dashboard

IBM Z Security and Compliance Center provides detailed results of a scan run against a desired profile. As seen in Figure 3, zSCC shows the result of an IBM z/OS scan run for a DORA profile. zSCC users can view the report in the dashboard as well as download it in .pdf and .xls format.

Figure 3

DORA is coming and clients need to prepare for it. This predefined DORA profile on zSCC will help clients be ready, as it:

  • Provides detailed reports on compliance posture in an easy-to-consume view
  • Enables clients to identify and prioritise compliance gaps
  • Allows clients to track progress as they prepare for DORA compliance

Learn more about IBM Z Security and Compliance Center here


Please reach out to @Pradeep Parameshwaran and @Michael Zagorski for questions.
